From 2ad1a42ca667ff21e6f7d2ae906be23a20430036 Mon Sep 17 00:00:00 2001 From: Brant Knudson Date: Tue, 23 Jun 2015 10:53:50 -0500 Subject: [PATCH] Use keystone wsgi_scripts Devstack was setting up a separate directory and copying http/keystone.py into it for the admin and public endpoints. Keystone now defines wsgi_scripts entrypoints so that keystone-wsgi-admin and keystone-wsgi-public are created on install so devstack can reference these files instead. See http://httpd.apache.org/docs/2.4/upgrading.html#access for the apache docs with examples for the Allow|Deny/Require directives. Depends-On: Ic9c03e6c00408f3698c10012ca98cfc6ea9b6ace Change-Id: Ided688be62b64066d90776313c963ec5016363f2 --- files/apache-keystone.template | 24 ++++++++++++++++++++++-- lib/keystone | 15 +-------------- 2 files changed, 23 insertions(+), 16 deletions(-) diff --git a/files/apache-keystone.template b/files/apache-keystone.template index 6dd1ad9ea6..4d3d2d6623 100644 --- a/files/apache-keystone.template +++ b/files/apache-keystone.template @@ -5,7 +5,7 @@ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %D(us)" WSGIDaemonProcess keystone-public processes=5 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV% WSGIProcessGroup keystone-public - WSGIScriptAlias / %PUBLICWSGI% + WSGIScriptAlias / %KEYSTONE_BIN%/keystone-wsgi-public WSGIApplicationGroup %{GLOBAL} WSGIPassAuthorization On = 2.4> @@ -16,12 +16,22 @@ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %D(us)" %SSLENGINE% %SSLCERTFILE% %SSLKEYFILE% + + + = 2.4> + Require all granted + + + Order allow,deny + Allow from all + + WSGIDaemonProcess keystone-admin processes=5 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV% WSGIProcessGroup keystone-admin - WSGIScriptAlias / %ADMINWSGI% + WSGIScriptAlias / %KEYSTONE_BIN%/keystone-wsgi-admin WSGIApplicationGroup %{GLOBAL} WSGIPassAuthorization On = 2.4> @@ -32,6 +42,16 @@ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %D(us)" %SSLENGINE% %SSLCERTFILE% %SSLKEYFILE% + + + = 2.4> + Require all granted + + + Order allow,deny + Allow from all + + Alias /identity %PUBLICWSGI% diff --git a/lib/keystone b/lib/keystone index e2448c9068..921dc766dd 100644 --- a/lib/keystone +++ b/lib/keystone @@ -51,11 +51,6 @@ fi KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone} KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf KEYSTONE_PASTE_INI=${KEYSTONE_PASTE_INI:-$KEYSTONE_CONF_DIR/keystone-paste.ini} -if is_suse; then - KEYSTONE_WSGI_DIR=${KEYSTONE_WSGI_DIR:-/srv/www/htdocs/keystone} -else - KEYSTONE_WSGI_DIR=${KEYSTONE_WSGI_DIR:-/var/www/keystone} -fi # Set up additional extensions, such as oauth1, federation # Example of KEYSTONE_EXTENSIONS=oauth1,federation @@ -132,14 +127,11 @@ function cleanup_keystone { # _cleanup_keystone_apache_wsgi() - Remove wsgi files, disable and remove apache vhost file function _cleanup_keystone_apache_wsgi { - sudo rm -f $KEYSTONE_WSGI_DIR/* sudo rm -f $(apache_site_config_for keystone) } # _config_keystone_apache_wsgi() - Set WSGI config files of Keystone function _config_keystone_apache_wsgi { - sudo mkdir -p $KEYSTONE_WSGI_DIR - local keystone_apache_conf=$(apache_site_config_for keystone) local keystone_ssl="" local keystone_certfile="" @@ -161,22 +153,17 @@ function _config_keystone_apache_wsgi { venv_path="python-path=${PROJECT_VENV["keystone"]}/lib/$(python_version)/site-packages" fi - # copy proxy vhost and wsgi file - sudo cp $KEYSTONE_DIR/httpd/keystone.py $KEYSTONE_WSGI_DIR/main - sudo cp $KEYSTONE_DIR/httpd/keystone.py $KEYSTONE_WSGI_DIR/admin - sudo cp $FILES/apache-keystone.template $keystone_apache_conf sudo sed -e " s|%PUBLICPORT%|$keystone_service_port|g; s|%ADMINPORT%|$keystone_auth_port|g; s|%APACHE_NAME%|$APACHE_NAME|g; - s|%PUBLICWSGI%|$KEYSTONE_WSGI_DIR/main|g; - s|%ADMINWSGI%|$KEYSTONE_WSGI_DIR/admin|g; s|%SSLENGINE%|$keystone_ssl|g; s|%SSLCERTFILE%|$keystone_certfile|g; s|%SSLKEYFILE%|$keystone_keyfile|g; s|%USER%|$STACK_USER|g; s|%VIRTUALENV%|$venv_path|g + s|%KEYSTONE_BIN%|$KEYSTONE_BIN_DIR|g " -i $keystone_apache_conf }